The problem is that there is a law to protect the muggers and a law to protect the mugged. The law to protect the muggers is easy to enforce and the muggers hang out at the same donut shops as the police. The law to protect the mugged is mostly theoretical and you have to pay a cover charge to get in the donut shop.

The fact that a law has 'fair use' exemptions tells you all you need to know about the fairness of the law and the fact that the fair use exemptions have to be renewed every three years tells you every thing you need to know about the intent of the people who created the law.

Maybe, while waiting for more comprehensive solutions to the problem, the viable solution we should all push towards is "social DRM".
Let Amazon (and the other media vendors) embed the identity of the buyer in each file as deeply as they can; and let them sue whoever illegally distributes the files they purchased. But the files must be freely copiable and transferrable among devices (and people, such as within a household or between friends). Just like real books or CDs.

In this way people will have the responsibility to look after their own purchases (so that they are not distributed): in fact any unauthorized distribution via P2P will cause problems to the owner of the file, not to the distributor. But people will finally get to own a piece of media, not a license to access a piece of media that is owned by someone else.

I strongly suspect that the main reason why social DRM is not much used is that the limitations associated to conventional DRM are a bug for consumers, but a (valuable) feature for media vendors...

Maybe, while waiting for more comprehensive solutions to the problem, the viable solution we should all push towards is "social DRM".
Let Amazon (and the other media vendors) embed the identity of the buyer in each file as deeply as they can; and let them sue whoever illegally distributes the files they purchased. But the files must be freely copiable and transferrable among devices (and people, such as within a household or between friends). Just like real books or CDs.

In this way people will have the responsibility to look after their own purchases (so that they are not distributed): in fact any unauthorized distribution via P2P will cause problems to the owner of the file, not to the distributor. But people will finally get to own a piece of media, not a license to access a piece of media that is owned by someone else.

I strongly suspect that the main reason why social DRM is not much used is that the limitations associated to conventional DRM are a bug for consumers, but a (valuable) feature for media vendors...

And just who is going to be monitoring every file upload and download and transfer to seek out this deeply embedded identifying information?

And just who is going to be monitoring every file upload and download and transfer to seek out this deeply embedded identifying information?

That's the great thing about computers. No person need do so - create a program and have it snoop across the wire or as a spider in various torrents/download sites. Multiply by hundreds or thousands of instances and you can monitor for such easily.

Of course, it'll find "innocent" postings, such as a public file on dropbox you are sharing with a child across the country, which will look the same as a file you are sharing with the world.

If the RIAA and other "rights holders" had their way, they'd simply monitor your computer from the OS, so any download would trigger a violation report.

That's the great thing about computers. No person need do so - create a program and have it snoop across the wire or as a spider in various torrents/download sites. Multiply by hundreds or thousands of instances and you can monitor for such easily.

Of course, it'll find "innocent" postings, such as a public file on dropbox you are sharing with a child across the country, which will look the same as a file you are sharing with the world.

If the RIAA and other "rights holders" had their way, they'd simply monitor your computer from the OS, so any download would trigger a violation report.

And there goes even the illusion of privacy. This is much, much worse than the current DRM.

I spent a few minutes thinking about possible policies to separate authorized from unauthorized file sharing practices in the hypothesis that social DRM (i.e., data embedded in a file that identify who purchased it) becomes the standard copy-protection mechanism.
Perhaps something like the following, simple as it is, could work (what do you think?):

The owner of a media file (as identified by the data embedded in the file) is considered personally responsible of illegal distribution of that file if and only if it is proved that a person received a copy of the file without being personally identified by the owner of the file.

Proving the absence of personal identification by the owner should be trivial, in particular, when a file is published on public web spaces or on P2P networks: which are the main things that media companies say they want to prevent with current DRM schemes.

That would require a drastic change in law. Right now, you're not responsible for the illegal distribution of things you own if they're stolen from you; that phrasing doesn't seem to have an allowance for "college roommate hacked into my computer and copied all the files."

There's also the issue of defining "personally responsible." How do you prosecute someone who *didn't do the act* but is somehow "responsible?" Does that mean the person who did the distributing is off the hook entirely--that if you get an unwitting permission from someone to "borrow some books to read," and then load them to the torrents and fileshare sites, they, not you, are guilty of copyright infringement?

And "absence of personal ID by the owner" is also hard to prove. What counts as ID? If I knew it was downloaded by DragonBane381, R33DERG33K, and Fan-of-ebooks, does that count as personally identifying them?

I bet you're right. I also bet that they don't care. Amazon was never a proponent of DRM, that was enacted by publishers. Amazon essentially want eBooks to be like iTunes, a $0.99 item that no one is interested in pirating. So as long as you don't resell their books and undermine the market I don't believe they care. But they do monitor, because information is power.

That would require a drastic change in law. Right now, you're not responsible for the illegal distribution of things you own if they're stolen from you

You are right. Ok, here is the first modification to my proposal:
1) if you have notified to the police a theft of property which included items usable to access your media library before the illegal distribution occurs, you cannot be held responsible for distribution of media purchased before the notification date.

Quote:

Originally Posted by Elfwreck

that phrasing doesn't seem to have an allowance for "college roommate hacked into my computer and copied all the files."

Yes, it doesn't. As digital data increasingly becomes an integral part of our lives, our responsibility and perception of the issues related to its management should rise accordingly. Especially when our management of the "digital" part of our life damages someone else.
If you gave your computer's password to your idiot roommate and your files end up on some torrent site, you have a responsibility in that. However, here is a second modification:
2) both of the owner of the file and of the actual distributor are responsible if illegal distribution of that file occurs.

Quote:

Originally Posted by Elfwreck

There's also the issue of defining "personally responsible." How do you prosecute someone who *didn't do the act* but is somehow "responsible?"

Here, I stick to my original idea. If the file is yours because you purchased it (and you didn't denounce its theft to the police) you have a responsibility to do whatever is needed to ensure that it doesn't get illegally distributed. If I work in a bank and keep my bank passwords in an unencrypted file in my PC, and my roommate uses them to rob the bank, I think I am legally prosecutable. Isn't it like that?

Quote:

Originally Posted by Elfwreck

Does that mean the person who did the distributing is off the hook entirely--that if you get an unwitting permission from someone to "borrow some books to read," and then load them to the torrents and fileshare sites, they, not you, are guilty of copyright infringement?

That would not do. Already addressed by modification #2.

Quote:

Originally Posted by Elfwreck

And "absence of personal ID by the owner" is also hard to prove. What counts as ID? If I knew it was downloaded by DragonBane381, R33DERG33K, and Fan-of-ebooks, does that count as personally identifying them?

This needs work. However, as a first approximation:

3) A media publisher finds online a file owned by BoldlyDubious, and distributed by someone nicknamed DragonBane381. They call the police, and the police sends to BoldlyDubious an official note saying that within 15 days they expect the real name and surname of the person associated to the nickname DragonBane381 to be provided to them. If such person confirms to be DragonBane381, BoldlyDubious is off the hook (but DragonBane381 isn't). If the person does not confirm to be DragonBane381, BoldlyDubious is prosecutable.

If the person contacted by the police does not confirm its identity as DragonBane381, two cases are possible:
(i) the person actually wasn't DragonBane381, so BoldlyDubious gave the file to someone without knowing her/his identity and deserves prosecution;
(ii) the person really was DragonBane381 but did not admit it, so BoldlyDubious is responsible for giving the file to someone inclined to do something unlawful with it, and deserves prosecution.

BoldlyDubious, I think that the source of the file is irrelevant. The person who uploads the file to a torrent or a file-sharing site is the one responsible; who cares where that person got the file in the first place?

An uploaded file has to be associated with some account; go after the person who owns that account.

BoldlyDubious, I think that the source of the file is irrelevant. The person who uploads the file to a torrent or a file-sharing site is the one responsible; who cares where that person got the file in the first place?

This is how things are now. The results are: (i) people who upload files to file-sharing sites are almost impossible to identify; (ii) using this as their justification (or excuse), media companies subject everyone to drastic licensing schemes which greatly limit what they can do with the files they purchase (or, more precisely, get a license to access).

Given that the current type of DRM can easily be removed, the system does not damage illegal uploaders; while it certainly creates absurd difficulties to users behaving correctly.

My proposal for "social DRM" (I don't think I have been especially original, certainly someone else already proposed something similar) aims at changing this.
This is done by giving to media purchasers both the freedom to do whatever they want with the files they bought, and the responsibility to choose wisely what they do with them.
One of the key points is that consumers would get to own media, not licenses. Therefore, many reasonable things that are now difficult and/or prohibited would become easy and possible. To name just a few: backing up, lending to friends and family, changing reading device, leaving your media library to your sons and daughters when you die, ...

Given that the current type of DRM can easily be removed, the system does not damage illegal uploaders; while it certainly creates absurd difficulties to users behaving correctly.

Since it can be easily removed, it does NOT create absurd difficulties. It creates an annoyance, and allows the media companies to think they're doing something to prevent piracy.

I don't like it, but I think the current DRM is much preferable to any system that attempts to identify the source of a file, because that system would be too open to mistakes and abuse and violations of privacy. The people who engage in illegal distribution now will find a way around it, and the rest of us might suffer for it. What's to stop a pirate from attaching the name of an innocent person to the file, and thereby creating all sorts of difficulties for that person?

Since it can be easily removed, it does NOT create absurd difficulties. It creates an annoyance, and allows the media companies to think they're doing something to prevent piracy.

Removing DRM is prohibited by the Terms of Service (so if you are caught doing that the media provider can act against you, for instance by closing your account) and -somewhere at least- illegal, so by stripping DRM you are violating the law. I want a solution that does not require breaking laws or licenses, and that works for everyone.
In fact, only people with a minimum of technical knowledge can apply DRM removal tools, so the current DRM system leaves most people with crippled media libraries.

Quote:

Originally Posted by Catlady

What's to stop a pirate from attaching the name of an innocent person to the file, and thereby creating all sorts of difficulties for that person?

If that person did not buy that particular file, the media publisher will instantly know that it's a fake. No need to involve the innocent person.
Moreover, I don't think that "pirates" (who are not getting a profit from uploading) will find the will and the time to set up complex re-encoding of the files with fake data, knowing that these can be quickly identified as such.

Of course, if you can strip identification information from a file you get back to today's situation where -after DRM removal- the file bears no identifier. My basic assumption is that it is possible to devise systems for embedding identification information in a file that make removing such information a bit of a hassle.